<?php
require_once('./PDO_class.php');
require_once('./RSA_class.php');
require_once('./config.php');
class sqlsafe {  
 
     private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";  
 
     private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";  
 
    private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";  
 
     /**  
      * 构造函数  
     */ 
 
     public function __construct() {  
 
         foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}  
 
        foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}  
 
         foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}  
 
     }  
 
     /**  
      * 参数检查并写日志  
      */ 
 
     public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){  
 
         if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);  
 
         if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){     
 
             $this->writeslog($_SERVER["REMOTE_ADDR"]."    ".strftime("%Y-%m-%d %H:%M:%S")."    ".$_SERVER["PHP_SELF"]."    ".$_SERVER["REQUEST_METHOD"]."    ".$StrFiltKey."    ".$StrFiltValue);  
 
             showmsg('您提交的参数非法,系统已记录您的本次操作！','',0,1);  
 
         }  
 
     }  
 
     /**  
      * SQL注入日志  
      */ 
 
     public function writeslog($log){  
 
         $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';  
 
         $ts = fopen($log_path,"a+");  
 
         fputs($ts,$log."\r\n");  
 
         fclose($ts);  
 
     }  
 
 }  

function Data_filtering($value)
{
	$link=mysqli_connect('localhost','root','123456','creativehome');
	$value=mysqli_real_escape_string($link,$value);
	mysqli_close($link);
    $value = htmlspecialchars($value);
    return $value;
}
//end
//start 获取访问者ip
function getIP()
{
	static $realip;
	if (isset($_SERVER)){
		if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])){
			$realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
		} else if (isset($_SERVER["HTTP_CLIENT_IP"])) {
					$realip = $_SERVER["HTTP_CLIENT_IP"];
		} else {
				$realip = $_SERVER["REMOTE_ADDR"];
				}
} else {
if (getenv("HTTP_X_FORWARDED_FOR")){
$realip = getenv("HTTP_X_FORWARDED_FOR");
} else if (getenv("HTTP_CLIENT_IP")) {
$realip = getenv("HTTP_CLIENT_IP");
} else {
$realip = getenv("REMOTE_ADDR");
}
}
return $realip;
}
function gettoken($id)
{
	global $dbconfig;
	$DB=new DB($dbconfig);
	$where=array('id'=>$id);
	$user=$DB->query('user','',$where);
	$token=$user['id'].','.$user['name'].','.$user['pass'].','.$user['jurisdiction'].','.$user['authorize'].','.$user['EFA'].','."xt".','.mt_rand().','.time();
	$RSA=new RSA(file_get_contents('E:\gongju\xampp\htdocs\ceshi\creativehome\api\public.txt'),file_get_contents('E:\gongju\xampp\htdocs\ceshi\creativehome\api\private.txt'));
	return $RSA->private_encrypt($token);
}
function checktoken($token)
{
	$RSA=new RSA(file_get_contents('E:\gongju\xampp\htdocs\ceshi\creativehome\api\public.txt'),file_get_contents('E:\gongju\xampp\htdocs\ceshi\creativehome\api\private.txt'));
	$arry=explode(',',$RSA->public_decrypt(str_replace(' ','+', $token)));
	if($_SESSION['id']==$arry[0]&&$_SESSION['name']==$arry[1]&&$_SESSION['pass']==$arry[2]&&$_SESSION['jurisdiction']==$arry[3]&&!$_SESSION['authorize']&&$_SESSION['issuer']==$arry[6])
	{
		return true;
	}
	else
	{
		return false;
	} 
	
}
/**
 * 验证实验功能token
 */
function CheckExperimentToken($token)
{
	$RSA=new RSA(file_get_contents('E:\gongju\xampp\htdocs\ceshi\creativehome\api\public.txt'),file_get_contents('E:\gongju\xampp\htdocs\ceshi\creativehome\api\private.txt'));
	$CheckData=explode(',',$RSA->public_decrypt(str_replace(' ','+', $token)));
	if($_SESSION['id']==$CheckData[0]&&$_SESSION['name']==$CheckData[1]&&$_SESSION['pass']==$CheckData[2]&&$_SESSION['jurisdiction']==$CheckData[3]&&!$_SESSION['authorize']&&$_SESSION['EFA']==$CheckData&&$_SESSION['EFA']&&[5]&&$_SESSION['issuer']==$CheckData[6])
	{
		return true;
	}
	else
	{
		return false;
	}
}
//end
?>